gh-issue-planner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to run "gh issue view --json number,title,body,labels,assignees,state,url,comments" to fetch GitHub issue title/body and comments (user-generated, public third-party content) which the agent reads and uses to classify and decide on action, enabling potential indirect prompt injection.